Finished: integrations/0-sogo-centos-6-openldap.md.
This commit is contained in:
parent
44b7d1c39f
commit
b554af0913
|
@ -83,7 +83,7 @@
|
|||
<li>
|
||||
<p>Install SOGo groupware on:</p>
|
||||
<ul>
|
||||
<li>CentOS 6: <a href="./sogo-centos-6-mysql.html">MySQL</a></li>
|
||||
<li>CentOS 6: <a href="./sogo-centos-6-mysql.html">MySQL</a>, <a href="./sogo-centos-6-openldap.html">OpenLDAP</a>.</li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
|
|
|
@ -28,7 +28,6 @@
|
|||
<li><a href="#add-required-cron-jobs">Add required cron jobs</a></li>
|
||||
<li><a href="#access-sogo-from-web-browser">Access SOGo from web browser</a></li>
|
||||
<li><a href="#configure-your-mail-clients-or-mobile-devices-to-use-caldavcarddav-services">Configure your mail clients or mobile devices to use CalDav/CardDAV services</a></li>
|
||||
<li><a href="#todo">TODO</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
|
@ -203,6 +202,17 @@ for you, just replace MySQL username/password in this file, then it's done.</p>
|
|||
}
|
||||
</code></pre>
|
||||
|
||||
<p>Important note: sieve rules generated by SOGo is not compatible with Roundcube
|
||||
webmail, so if you're running both Roundcube and SOGo, you must disable sieve
|
||||
support (including forwarding and vacation support) in one of them to avoid
|
||||
incompatible sieve rules. if you choose to run only SOGo, you can enable sieve
|
||||
support by removing comment mark of below lines in above configuration:</p>
|
||||
<pre><code> SOGoSieveServer = sieve://127.0.0.1:4190;
|
||||
SOGoSieveScriptsEnabled = YES;
|
||||
SOGoVacationEnabled = YES;
|
||||
SOGoForwardEnabled = YES;
|
||||
</code></pre>
|
||||
|
||||
<h2 id="configure-web-server">Configure web server</h2>
|
||||
<p>To access SOGo groupware (webmail/calendar/contact), we need to configure
|
||||
web server.</p>
|
||||
|
@ -288,8 +298,20 @@ the real directory which contains SOGo files:</p>
|
|||
|
||||
<h2 id="add-dovecot-master-user-used-for-vacation-message-expiration">Add Dovecot Master User, used for vacation message expiration</h2>
|
||||
<p>SOGo need a Dovecot Master User to cleanup vacation expiration, please follow
|
||||
our tutorial to add a Dovecot Master User for this purpose:</p>
|
||||
<p><a href="./dovecot.master.user.html">Dovecot Master User</a></p>
|
||||
our tutorial to add a Dovecot Master User for this purpose: <a href="./dovecot.master.user.html">Dovecot Master User</a>.</p>
|
||||
<p>After added a Dovecot Master User for SOGo, we must store its username and
|
||||
plain password in a separate file used by SOGo, we use <code>/etc/sogo/sieve.cred</code>
|
||||
here for example.</p>
|
||||
<p>Create file <code>/etc/sogo/sieve.cred</code>, write Dovecot Master User in this file in
|
||||
format: <code>username:password</code>. For example:</p>
|
||||
<pre><code>my_master_user@non-exist.com:my_master_password
|
||||
</code></pre>
|
||||
|
||||
<p>Set strict file owner and permission:</p>
|
||||
<pre><code># chown sogo:sogo /etc/sogo/sieve.cred
|
||||
# chmod 0400 /etc/sogo/sieve.cred
|
||||
</code></pre>
|
||||
|
||||
<h2 id="add-required-cron-jobs">Add required cron jobs</h2>
|
||||
<p>Please add below cron jobs for SOGo daemon user <code>sogo</code>. You can add them with
|
||||
command: <code>crontab -l -u sogo</code></p>
|
||||
|
@ -311,11 +333,7 @@ command: <code>crontab -l -u sogo</code></p>
|
|||
word <code>SOGo</code> is case-sensitive), you can login with your email account credential.</p>
|
||||
<h2 id="configure-your-mail-clients-or-mobile-devices-to-use-caldavcarddav-services">Configure your mail clients or mobile devices to use CalDav/CardDAV services</h2>
|
||||
<p>Please check our documents <a href="./index.html#configure-mail-client-applications">here</a>
|
||||
to configure your mail clients or mobile devices.</p>
|
||||
<h2 id="todo">TODO</h2>
|
||||
<ul>
|
||||
<li>Add Dovecot Master User, for vacation message expiration</li>
|
||||
</ul><p style="text-align: center; color: grey;">Document published under a <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">CC BY-ND 3.0</a> license. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.<!-- Google Analytics -->
|
||||
to configure your mail clients or mobile devices.</p><p style="text-align: center; color: grey;">Document published under a <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">CC BY-ND 3.0</a> license. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.<!-- Google Analytics -->
|
||||
<script type="text/javascript">
|
||||
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
|
||||
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
|
||||
|
|
|
@ -0,0 +1,367 @@
|
|||
<html>
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||||
<title>Install SOGo groupware on CentOS 6 with iRedMail (OpenLDAP backend)</title>
|
||||
<link href="./css/markdown.css" rel="stylesheet"></head>
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div id="navigation">
|
||||
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
|
||||
|
||||
// <a href="./index.html">Document Index</a>
|
||||
</div><h1 id="install-sogo-groupware-on-centos-6-with-iredmail-openldap-backend">Install SOGo groupware on CentOS 6 with iRedMail (OpenLDAP backend)</h1>
|
||||
<div class="toc">
|
||||
<ul>
|
||||
<li><a href="#install-sogo-groupware-on-centos-6-with-iredmail-openldap-backend">Install SOGo groupware on CentOS 6 with iRedMail (OpenLDAP backend)</a><ul>
|
||||
<li><a href="#requirements">Requirements</a></li>
|
||||
<li><a href="#install-sogo">Install SOGo</a></li>
|
||||
<li><a href="#create-required-sql-database">Create required SQL database</a></li>
|
||||
<li><a href="#configure-sogo">Configure SOGo</a></li>
|
||||
<li><a href="#configure-web-server">Configure web server</a><ul>
|
||||
<li><a href="#apache-web-server">Apache web server</a></li>
|
||||
<li><a href="#nginx-web-server">Nginx web server</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
<li><a href="#start-sogo-and-dependent-services">Start SOGo and dependent services</a></li>
|
||||
<li><a href="#add-dovecot-master-user-used-for-vacation-message-expiration">Add Dovecot Master User, used for vacation message expiration</a></li>
|
||||
<li><a href="#add-required-cron-jobs">Add required cron jobs</a></li>
|
||||
<li><a href="#access-sogo-from-web-browser">Access SOGo from web browser</a></li>
|
||||
<li><a href="#configure-your-mail-clients-or-mobile-devices-to-use-caldavcarddav-services">Configure your mail clients or mobile devices to use CalDav/CardDAV services</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
<h2 id="requirements">Requirements</h2>
|
||||
<ul>
|
||||
<li>A working iRedMail server (OpenLDAP backend) on CentOS 6.</li>
|
||||
</ul>
|
||||
<h2 id="install-sogo">Install SOGo</h2>
|
||||
<ul>
|
||||
<li>Make sure you have EPEL repo enabled, if not, please follow <a href="https://fedoraproject.org/wiki/EPEL#How_can_I_use_these_extra_packages.3F">this wiki
|
||||
tutorial</a>
|
||||
to enable it.</li>
|
||||
</ul>
|
||||
<pre><code># yum repolist | grep -i 'epel'
|
||||
epel Extra Packages for Enterprise Linux 6 - x86_64 11,109
|
||||
</code></pre>
|
||||
|
||||
<ul>
|
||||
<li>Add yum repo file <code>/etc/yum.repos.d/sogo.repo</code>:</li>
|
||||
</ul>
|
||||
<pre><code>[SOGo]
|
||||
name=Inverse SOGo Repository
|
||||
baseurl=http://inverse.ca/downloads/SOGo/RHEL6/$basearch
|
||||
gpgcheck=0
|
||||
</code></pre>
|
||||
|
||||
<ul>
|
||||
<li>Install SOGo and dependences:</li>
|
||||
</ul>
|
||||
<pre><code># yum install sogo sope49-gdl1-mysql sope49-ldap sogo-activesync libwbxml sogo-ealarms-notify sogo-tool
|
||||
</code></pre>
|
||||
|
||||
<ul>
|
||||
<li>Append an alias entry in Postfix config file <code>/etc/postfix/aliases</code>, so that
|
||||
notifications of cron jobs will be sent to mail server administrator.</li>
|
||||
</ul>
|
||||
<pre><code># Part of file: /etc/postfix/aliases
|
||||
|
||||
sogo: root
|
||||
</code></pre>
|
||||
|
||||
<p>Execute command to update alias db:</p>
|
||||
<pre><code># postalias /etc/postfix/aliases
|
||||
</code></pre>
|
||||
|
||||
<h2 id="create-required-sql-database">Create required SQL database</h2>
|
||||
<p>SOGo will store some data (e.g. user preferences, sieve rules) in SQL database,
|
||||
so we need to create a database for it.</p>
|
||||
<pre><code>$ mysql -u root -p
|
||||
|
||||
mysql> CREATE DATABASE sogo CHARSET='UTF8';
|
||||
mysql> GRANT ALL ON sogo.* TO sogo@localhost IDENTIFIED BY 'password';
|
||||
</code></pre>
|
||||
|
||||
<p>Note: SOGo will create required SQL tables automatically, we don't need to
|
||||
create them manually.</p>
|
||||
<h2 id="configure-sogo">Configure SOGo</h2>
|
||||
<p>Default SOGo config file is <code>/etc/sogo/sogo.conf</code>. We have a sample config file
|
||||
for you, just replace MySQL username/password for sogo SQL database and LDAP
|
||||
basedn, bind dn/passwordthen in this file, then it's done.</p>
|
||||
<p>With below config file, SOGo will listen on address <code>127.0.0.1</code>, port <code>20000</code>.</p>
|
||||
<pre><code>{
|
||||
// Official SOGo documents:
|
||||
// - http://www.sogo.nu/english/support/documentation.html
|
||||
// - http://wiki.sogo.nu
|
||||
//
|
||||
// Mailing list:
|
||||
// - http://www.sogo.nu/english/support/community.html
|
||||
|
||||
// Enable verbose logging. Reference:
|
||||
// http://www.sogo.nu/nc/support/faq/article/how-to-enable-more-verbose-logging-in-sogo.html
|
||||
//ImapDebugEnabled = YES;
|
||||
//LDAPDebugEnabled = YES;
|
||||
//MySQL4DebugEnabled = YES;
|
||||
//PGDebugEnabled = YES;
|
||||
|
||||
// Daemon address and port
|
||||
WOPort = 127.0.0.1:20000;
|
||||
|
||||
// PID file
|
||||
//WOPidFile = /var/log/sogo/sogo.log;
|
||||
|
||||
// IMAP connection pool.
|
||||
// Your performance will slightly increase, as you won't open a new
|
||||
// connection for every access to your IMAP server.
|
||||
// But you will get a lot of simultaneous open connections to your IMAP
|
||||
// server, so make sure he can handle them.
|
||||
// For debugging it is reasonable to turn pooling off.
|
||||
//NGImap4DisableIMAP4Pooling = NO;
|
||||
|
||||
SOGoProfileURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_user_profile";
|
||||
OCSFolderInfoURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_folder_info";
|
||||
OCSSessionsFolderURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_sessions_folder";
|
||||
|
||||
// Default language in the web interface
|
||||
SOGoLanguage = English;
|
||||
|
||||
// Specify which module to show after login: Calendar, Mail, Contacts.
|
||||
SOGoLoginModule = Mail;
|
||||
|
||||
// Must login with full email address
|
||||
SOGoForceExternalLoginWithEmail = YES;
|
||||
|
||||
// Allow user to change full name and email address.
|
||||
SOGoMailCustomFromEnabled = YES;
|
||||
|
||||
// Enable email-based alarms on events and tasks.
|
||||
SOGoEnableEMailAlarms = YES;
|
||||
OCSEMailAlarmsFolderURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_alarms_folder";
|
||||
|
||||
// IMAP server
|
||||
//SOGoIMAPServer = "imaps://127.0.0.1:143/?tls=YES";
|
||||
// Local connection is considered as secure by Dovecot.
|
||||
SOGoIMAPServer = "imap://127.0.0.1:143/";
|
||||
|
||||
// SMTP server
|
||||
SOGoMailingMechanism = smtp;
|
||||
SOGoSMTPServer = 127.0.0.1;
|
||||
//SOGoSMTPAuthenticationType = PLAIN;
|
||||
|
||||
// Enable managesieve service
|
||||
//
|
||||
// WARNING: Sieve scripts generated by SOGo is not compatible with Roundcube
|
||||
// webmail, don't use sieve service in both webmails, otherwise
|
||||
// it will be messy.
|
||||
//
|
||||
//SOGoSieveServer = sieve://127.0.0.1:4190;
|
||||
//SOGoSieveScriptsEnabled = YES;
|
||||
//SOGoVacationEnabled = YES;
|
||||
//SOGoForwardEnabled = YES;
|
||||
|
||||
// Memcached
|
||||
SOGoMemcachedHost = 127.0.0.1;
|
||||
|
||||
SOGoTimeZone = "America/New_York";
|
||||
|
||||
SOGoFirstDayOfWeek = 1;
|
||||
|
||||
SOGoRefreshViewCheck = every_5_minutes;
|
||||
SOGoMailReplyPlacement = below;
|
||||
|
||||
SOGoAppointmentSendEMailNotifications = YES;
|
||||
SOGoFoldersSendEMailNotifications = YES;
|
||||
SOGoACLsSendEMailNotifications = YES;
|
||||
|
||||
// PostgreSQL cannot update view
|
||||
SOGoPasswordChangeEnabled = YES;
|
||||
|
||||
// Authentication using LDAP
|
||||
SOGoUserSources = (
|
||||
{
|
||||
type = ldap;
|
||||
hostname = "ldap://127.0.0.1:389";
|
||||
baseDN = "o=domains,dc=example,dc=com";
|
||||
//bindAsCurrentUser = YES;
|
||||
bindDN = "cn=vmailadmin,dc=example,dc=com";
|
||||
bindPassword = "SLNHxbNmFwSd55gpZACnvZdTT10zSX";
|
||||
filter = "objectClass=mailUser AND accountStatus=active AND enabledService=mail";
|
||||
scope = SUB;
|
||||
|
||||
// The algorithm used for password encryption when changing
|
||||
// passwords without Password Policies enabled.
|
||||
// Possible values are: plain, crypt, md5-crypt, ssha.
|
||||
userPasswordAlgorithm = ssha;
|
||||
|
||||
IDFieldName = mail;
|
||||
bindFields = (mail);
|
||||
CNFieldName = cn;
|
||||
// value of UID field must be unique on whole server.
|
||||
UIDFieldName = mail;
|
||||
IMAPLoginFieldName = mail;
|
||||
SearchFieldNames = (cn, sn, displayName, telephoneNumber, mail, shadowAddress);
|
||||
canAuthenticate = YES;
|
||||
displayName = "Global Address Book";
|
||||
id = ldap_auth;
|
||||
isAddressBook = YES;
|
||||
}
|
||||
);
|
||||
}
|
||||
</code></pre>
|
||||
|
||||
<p>Important note:</p>
|
||||
<ul>
|
||||
<li>
|
||||
<p>LDAP bind dn must have privilege to read and write mail accounts stored in
|
||||
LDAP server, so that it can modify user password. <code>cn=vmailadmin,dc=xx,dc=xx</code>
|
||||
is recommended, do <strong>NOT</strong> use <code>cn=Manager,dc=xx,dc=xx</code>. You can find
|
||||
<code>cn=vmailadmin,dc=xx,dc=xx</code> in iRedAdmin config file
|
||||
(<code>/var/www/iredadmin/settings.py</code>).</p>
|
||||
</li>
|
||||
<li>
|
||||
<p>sieve rules generated by SOGo is not compatible with Roundcube
|
||||
webmail, so if you're running both Roundcube and SOGo, you must disable sieve
|
||||
support (including forwarding and vacation support) in one of them to avoid
|
||||
incompatible sieve rules. if you choose to run only SOGo, you can enable sieve
|
||||
support by removing comment mark of below lines in above configuration:</p>
|
||||
</li>
|
||||
</ul>
|
||||
<pre><code> SOGoSieveServer = sieve://127.0.0.1:4190;
|
||||
SOGoSieveScriptsEnabled = YES;
|
||||
SOGoVacationEnabled = YES;
|
||||
SOGoForwardEnabled = YES;
|
||||
</code></pre>
|
||||
|
||||
<h2 id="configure-web-server">Configure web server</h2>
|
||||
<p>To access SOGo groupware (webmail/calendar/contact), we need to configure
|
||||
web server.</p>
|
||||
<h3 id="apache-web-server">Apache web server</h3>
|
||||
<p>SOGo installs config file <code>/etc/httpd/conf.d/SOGo.conf</code> by default, please
|
||||
open it and find below lines:</p>
|
||||
<pre><code>#ProxyPass /Microsoft-Server-ActiveSync \
|
||||
# http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync \
|
||||
# retry=60 connectiontimeout=5 timeout=360
|
||||
</code></pre>
|
||||
|
||||
<p>Remove <code>#</code> at the beginning to enable ActiveSync support:</p>
|
||||
<pre><code>ProxyPass /Microsoft-Server-ActiveSync \
|
||||
http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync \
|
||||
retry=60 connectiontimeout=5 timeout=360
|
||||
</code></pre>
|
||||
|
||||
<h3 id="nginx-web-server">Nginx web server</h3>
|
||||
<p>If you're running Nginx web server configured by iRedMail, please open file
|
||||
<code>/etc/nginx/conf.d/default.conf</code>, add some lines in <code>server {}</code> configured for
|
||||
HTTPS:</p>
|
||||
<pre><code>server {
|
||||
listen 443;
|
||||
...
|
||||
|
||||
# Add below lines for SOGo
|
||||
# SOGo
|
||||
location ~ ^/sogo { rewrite ^ https://$host/SOGo; }
|
||||
location ~ ^/SOGO { rewrite ^ https://$host/SOGo; }
|
||||
|
||||
# For IOS 7
|
||||
location = /principals/ {
|
||||
rewrite ^ https://$server_name/SOGo/dav;
|
||||
allow all;
|
||||
}
|
||||
|
||||
location ^~ /SOGo {
|
||||
proxy_pass http://127.0.0.1:20000;
|
||||
#proxy_redirect http://127.0.0.1:20000/SOGo/ /SOGo;
|
||||
# forward user's IP address
|
||||
#proxy_set_header X-Real-IP $remote_addr;
|
||||
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
#proxy_set_header Host $host;
|
||||
proxy_set_header x-webobjects-server-protocol HTTP/1.0;
|
||||
#proxy_set_header x-webobjects-remote-host 127.0.0.1;
|
||||
#proxy_set_header x-webobjects-server-name $server_name;
|
||||
#proxy_set_header x-webobjects-server-url $scheme://$host;
|
||||
}
|
||||
|
||||
location ^~ /Microsoft-Server-ActiveSync {
|
||||
proxy_pass http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync;
|
||||
proxy_redirect http://127.0.0.1:20000/Microsoft-Server-ActiveSync /;
|
||||
}
|
||||
|
||||
location ^~ /SOGo/Microsoft-Server-ActiveSync {
|
||||
proxy_pass http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync;
|
||||
proxy_redirect http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync /;
|
||||
}
|
||||
|
||||
location /SOGo.woa/WebServerResources/ {
|
||||
alias /usr/lib64/GNUstep/SOGo/WebServerResources/;
|
||||
}
|
||||
location /SOGo/WebServerResources/ {
|
||||
alias /usr/lib64/GNUstep/SOGo/WebServerResources/;
|
||||
}
|
||||
location ^/SOGo/so/ControlPanel/Products/([^/]*)/Resources/(.*)$ {
|
||||
alias /usr/lib64/GNUstep/SOGo/$1.SOGo/Resources/$2;
|
||||
}
|
||||
}
|
||||
</code></pre>
|
||||
|
||||
<p><strong>Important note</strong>: You must replace path <code>/usr/lib/GNUstep/SOGo</code> with
|
||||
the real directory which contains SOGo files:</p>
|
||||
<ul>
|
||||
<li>on i386 platform, it's <code>/usr/lib/GNUstep/SOGo</code>.</li>
|
||||
<li>on x86_64, it's <code>/usr/lib64/GNUstep/SOGo</code>.</li>
|
||||
</ul>
|
||||
<h2 id="start-sogo-and-dependent-services">Start SOGo and dependent services</h2>
|
||||
<pre><code># service httpd restart # <- restart 'nginx' service if you're running Nginx
|
||||
# service memcached restart
|
||||
# service sogod restart
|
||||
</code></pre>
|
||||
|
||||
<h2 id="add-dovecot-master-user-used-for-vacation-message-expiration">Add Dovecot Master User, used for vacation message expiration</h2>
|
||||
<p>SOGo need a Dovecot Master User to cleanup vacation expiration, please follow
|
||||
our tutorial to add a Dovecot Master User for this purpose: <a href="./dovecot.master.user.html">Dovecot Master User</a>.</p>
|
||||
<p>After added a Dovecot Master User for SOGo, we must store its username and
|
||||
plain password in a separate file used by SOGo, we use <code>/etc/sogo/sieve.cred</code>
|
||||
here for example.</p>
|
||||
<p>Create file <code>/etc/sogo/sieve.cred</code>, write Dovecot Master User in this file in
|
||||
format: <code>username:password</code>. For example:</p>
|
||||
<pre><code>my_master_user@non-exist.com:my_master_password
|
||||
</code></pre>
|
||||
|
||||
<p>Set strict file owner and permission:</p>
|
||||
<pre><code># chown sogo:sogo /etc/sogo/sieve.cred
|
||||
# chmod 0400 /etc/sogo/sieve.cred
|
||||
</code></pre>
|
||||
|
||||
<h2 id="add-required-cron-jobs">Add required cron jobs</h2>
|
||||
<p>Please add below cron jobs for SOGo daemon user <code>sogo</code>. You can add them with
|
||||
command: <code>crontab -l -u sogo</code></p>
|
||||
<pre><code># iRedMail: SOGo email reminder, should be run every minute.
|
||||
* * * * * /usr/sbin/sogo-ealarms-notify
|
||||
|
||||
# iRedMail: SOGo session cleanup, should be run every minute.
|
||||
# Ajust the [X]Minutes parameter to suit your needs
|
||||
# Example: Sessions without activity since 30 minutes will be dropped:
|
||||
* * * * * /usr/sbin/sogo-tool expire-sessions 30
|
||||
|
||||
# iRedMail: SOGo vacation messages expiration
|
||||
# The credentials file should contain the sieve admin credentials (username:passwd)
|
||||
0 0 * * * /usr/sbin/sogo-tool expire-autoreply -p /etc/sogo/sieve.cred
|
||||
</code></pre>
|
||||
|
||||
<h2 id="access-sogo-from-web-browser">Access SOGo from web browser</h2>
|
||||
<p>Open your favourite web browser, access URL: <code>https://[your_server]/SOGo</code> (the
|
||||
word <code>SOGo</code> is case-sensitive), you can login with your email account credential.</p>
|
||||
<h2 id="configure-your-mail-clients-or-mobile-devices-to-use-caldavcarddav-services">Configure your mail clients or mobile devices to use CalDav/CardDAV services</h2>
|
||||
<p>Please check our documents <a href="./index.html#configure-mail-client-applications">here</a>
|
||||
to configure your mail clients or mobile devices.</p><p style="text-align: center; color: grey;">Document published under a <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">CC BY-ND 3.0</a> license. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.<!-- Google Analytics -->
|
||||
<script type="text/javascript">
|
||||
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
|
||||
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
|
||||
</script>
|
||||
<script type="text/javascript">
|
||||
try {
|
||||
var pageTracker = _gat._getTracker("UA-3293801-14");
|
||||
pageTracker._trackPageview();
|
||||
} catch(err) {}
|
||||
</script>
|
||||
</body></html>
|
|
@ -294,11 +294,28 @@ the real directory which contains SOGo files:
|
|||
## Add Dovecot Master User, used for vacation message expiration
|
||||
|
||||
SOGo need a Dovecot Master User to cleanup vacation expiration, please follow
|
||||
our tutorial to add a Dovecot Master User for this purpose:
|
||||
our tutorial to add a Dovecot Master User for this purpose: [Dovecot Master User](./dovecot.master.user.html).
|
||||
|
||||
[Dovecot Master User](./dovecot.master.user.html)
|
||||
After added a Dovecot Master User for SOGo, we must store its username and
|
||||
plain password in a separate file used by SOGo, we use `/etc/sogo/sieve.cred`
|
||||
here for example.
|
||||
|
||||
Create file `/etc/sogo/sieve.cred`, write Dovecot Master User in this file in
|
||||
format: `username:password`. For example:
|
||||
|
||||
```
|
||||
my_master_user@non-exist.com:my_master_password
|
||||
```
|
||||
|
||||
Set strict file owner and permission:
|
||||
|
||||
```
|
||||
# chown sogo:sogo /etc/sogo/sieve.cred
|
||||
# chmod 0400 /etc/sogo/sieve.cred
|
||||
```
|
||||
|
||||
## Add required cron jobs
|
||||
|
||||
Please add below cron jobs for SOGo daemon user `sogo`. You can add them with
|
||||
command: `crontab -l -u sogo`
|
||||
|
||||
|
@ -325,8 +342,3 @@ word `SOGo` is case-sensitive), you can login with your email account credential
|
|||
|
||||
Please check our documents [here](./index.html#configure-mail-client-applications)
|
||||
to configure your mail clients or mobile devices.
|
||||
|
||||
## TODO
|
||||
|
||||
* Add Dovecot Master User, for vacation message expiration
|
||||
|
||||
|
|
|
@ -0,0 +1,360 @@
|
|||
# Install SOGo groupware on CentOS 6 with iRedMail (OpenLDAP backend)
|
||||
|
||||
[TOC]
|
||||
|
||||
## Requirements
|
||||
|
||||
* A working iRedMail server (OpenLDAP backend) on CentOS 6.
|
||||
|
||||
## Install SOGo
|
||||
|
||||
* Make sure you have EPEL repo enabled, if not, please follow [this wiki
|
||||
tutorial](https://fedoraproject.org/wiki/EPEL#How_can_I_use_these_extra_packages.3F)
|
||||
to enable it.
|
||||
|
||||
```
|
||||
# yum repolist | grep -i 'epel'
|
||||
epel Extra Packages for Enterprise Linux 6 - x86_64 11,109
|
||||
```
|
||||
|
||||
* Add yum repo file `/etc/yum.repos.d/sogo.repo`:
|
||||
|
||||
```
|
||||
[SOGo]
|
||||
name=Inverse SOGo Repository
|
||||
baseurl=http://inverse.ca/downloads/SOGo/RHEL6/$basearch
|
||||
gpgcheck=0
|
||||
```
|
||||
|
||||
* Install SOGo and dependences:
|
||||
|
||||
```
|
||||
# yum install sogo sope49-gdl1-mysql sope49-ldap sogo-activesync libwbxml sogo-ealarms-notify sogo-tool
|
||||
```
|
||||
|
||||
* Append an alias entry in Postfix config file `/etc/postfix/aliases`, so that
|
||||
notifications of cron jobs will be sent to mail server administrator.
|
||||
|
||||
```
|
||||
# Part of file: /etc/postfix/aliases
|
||||
|
||||
sogo: root
|
||||
```
|
||||
|
||||
Execute command to update alias db:
|
||||
|
||||
```
|
||||
# postalias /etc/postfix/aliases
|
||||
```
|
||||
|
||||
## Create required SQL database
|
||||
|
||||
SOGo will store some data (e.g. user preferences, sieve rules) in SQL database,
|
||||
so we need to create a database for it.
|
||||
|
||||
```
|
||||
$ mysql -u root -p
|
||||
|
||||
mysql> CREATE DATABASE sogo CHARSET='UTF8';
|
||||
mysql> GRANT ALL ON sogo.* TO sogo@localhost IDENTIFIED BY 'password';
|
||||
```
|
||||
|
||||
Note: SOGo will create required SQL tables automatically, we don't need to
|
||||
create them manually.
|
||||
|
||||
## Configure SOGo
|
||||
|
||||
Default SOGo config file is `/etc/sogo/sogo.conf`. We have a sample config file
|
||||
for you, just replace MySQL username/password for sogo SQL database and LDAP
|
||||
basedn, bind dn/passwordthen in this file, then it's done.
|
||||
|
||||
With below config file, SOGo will listen on address `127.0.0.1`, port `20000`.
|
||||
|
||||
```
|
||||
{
|
||||
// Official SOGo documents:
|
||||
// - http://www.sogo.nu/english/support/documentation.html
|
||||
// - http://wiki.sogo.nu
|
||||
//
|
||||
// Mailing list:
|
||||
// - http://www.sogo.nu/english/support/community.html
|
||||
|
||||
// Enable verbose logging. Reference:
|
||||
// http://www.sogo.nu/nc/support/faq/article/how-to-enable-more-verbose-logging-in-sogo.html
|
||||
//ImapDebugEnabled = YES;
|
||||
//LDAPDebugEnabled = YES;
|
||||
//MySQL4DebugEnabled = YES;
|
||||
//PGDebugEnabled = YES;
|
||||
|
||||
// Daemon address and port
|
||||
WOPort = 127.0.0.1:20000;
|
||||
|
||||
// PID file
|
||||
//WOPidFile = /var/log/sogo/sogo.log;
|
||||
|
||||
// IMAP connection pool.
|
||||
// Your performance will slightly increase, as you won't open a new
|
||||
// connection for every access to your IMAP server.
|
||||
// But you will get a lot of simultaneous open connections to your IMAP
|
||||
// server, so make sure he can handle them.
|
||||
// For debugging it is reasonable to turn pooling off.
|
||||
//NGImap4DisableIMAP4Pooling = NO;
|
||||
|
||||
SOGoProfileURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_user_profile";
|
||||
OCSFolderInfoURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_folder_info";
|
||||
OCSSessionsFolderURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_sessions_folder";
|
||||
|
||||
// Default language in the web interface
|
||||
SOGoLanguage = English;
|
||||
|
||||
// Specify which module to show after login: Calendar, Mail, Contacts.
|
||||
SOGoLoginModule = Mail;
|
||||
|
||||
// Must login with full email address
|
||||
SOGoForceExternalLoginWithEmail = YES;
|
||||
|
||||
// Allow user to change full name and email address.
|
||||
SOGoMailCustomFromEnabled = YES;
|
||||
|
||||
// Enable email-based alarms on events and tasks.
|
||||
SOGoEnableEMailAlarms = YES;
|
||||
OCSEMailAlarmsFolderURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_alarms_folder";
|
||||
|
||||
// IMAP server
|
||||
//SOGoIMAPServer = "imaps://127.0.0.1:143/?tls=YES";
|
||||
// Local connection is considered as secure by Dovecot.
|
||||
SOGoIMAPServer = "imap://127.0.0.1:143/";
|
||||
|
||||
// SMTP server
|
||||
SOGoMailingMechanism = smtp;
|
||||
SOGoSMTPServer = 127.0.0.1;
|
||||
//SOGoSMTPAuthenticationType = PLAIN;
|
||||
|
||||
// Enable managesieve service
|
||||
//
|
||||
// WARNING: Sieve scripts generated by SOGo is not compatible with Roundcube
|
||||
// webmail, don't use sieve service in both webmails, otherwise
|
||||
// it will be messy.
|
||||
//
|
||||
//SOGoSieveServer = sieve://127.0.0.1:4190;
|
||||
//SOGoSieveScriptsEnabled = YES;
|
||||
//SOGoVacationEnabled = YES;
|
||||
//SOGoForwardEnabled = YES;
|
||||
|
||||
// Memcached
|
||||
SOGoMemcachedHost = 127.0.0.1;
|
||||
|
||||
SOGoTimeZone = "America/New_York";
|
||||
|
||||
SOGoFirstDayOfWeek = 1;
|
||||
|
||||
SOGoRefreshViewCheck = every_5_minutes;
|
||||
SOGoMailReplyPlacement = below;
|
||||
|
||||
SOGoAppointmentSendEMailNotifications = YES;
|
||||
SOGoFoldersSendEMailNotifications = YES;
|
||||
SOGoACLsSendEMailNotifications = YES;
|
||||
|
||||
// PostgreSQL cannot update view
|
||||
SOGoPasswordChangeEnabled = YES;
|
||||
|
||||
// Authentication using LDAP
|
||||
SOGoUserSources = (
|
||||
{
|
||||
type = ldap;
|
||||
hostname = "ldap://127.0.0.1:389";
|
||||
baseDN = "o=domains,dc=example,dc=com";
|
||||
//bindAsCurrentUser = YES;
|
||||
bindDN = "cn=vmailadmin,dc=example,dc=com";
|
||||
bindPassword = "SLNHxbNmFwSd55gpZACnvZdTT10zSX";
|
||||
filter = "objectClass=mailUser AND accountStatus=active AND enabledService=mail";
|
||||
scope = SUB;
|
||||
|
||||
// The algorithm used for password encryption when changing
|
||||
// passwords without Password Policies enabled.
|
||||
// Possible values are: plain, crypt, md5-crypt, ssha.
|
||||
userPasswordAlgorithm = ssha;
|
||||
|
||||
IDFieldName = mail;
|
||||
bindFields = (mail);
|
||||
CNFieldName = cn;
|
||||
// value of UID field must be unique on whole server.
|
||||
UIDFieldName = mail;
|
||||
IMAPLoginFieldName = mail;
|
||||
SearchFieldNames = (cn, sn, displayName, telephoneNumber, mail, shadowAddress);
|
||||
canAuthenticate = YES;
|
||||
displayName = "Global Address Book";
|
||||
id = ldap_auth;
|
||||
isAddressBook = YES;
|
||||
}
|
||||
);
|
||||
}
|
||||
```
|
||||
|
||||
Important note:
|
||||
|
||||
* LDAP bind dn must have privilege to read and write mail accounts stored in
|
||||
LDAP server, so that it can modify user password. `cn=vmailadmin,dc=xx,dc=xx`
|
||||
is recommended, do __NOT__ use `cn=Manager,dc=xx,dc=xx`. You can find
|
||||
`cn=vmailadmin,dc=xx,dc=xx` in iRedAdmin config file
|
||||
(`/var/www/iredadmin/settings.py`).
|
||||
|
||||
* sieve rules generated by SOGo is not compatible with Roundcube
|
||||
webmail, so if you're running both Roundcube and SOGo, you must disable sieve
|
||||
support (including forwarding and vacation support) in one of them to avoid
|
||||
incompatible sieve rules. if you choose to run only SOGo, you can enable sieve
|
||||
support by removing comment mark of below lines in above configuration:
|
||||
|
||||
```
|
||||
SOGoSieveServer = sieve://127.0.0.1:4190;
|
||||
SOGoSieveScriptsEnabled = YES;
|
||||
SOGoVacationEnabled = YES;
|
||||
SOGoForwardEnabled = YES;
|
||||
```
|
||||
|
||||
## Configure web server
|
||||
|
||||
To access SOGo groupware (webmail/calendar/contact), we need to configure
|
||||
web server.
|
||||
|
||||
### Apache web server
|
||||
|
||||
SOGo installs config file `/etc/httpd/conf.d/SOGo.conf` by default, please
|
||||
open it and find below lines:
|
||||
|
||||
```
|
||||
#ProxyPass /Microsoft-Server-ActiveSync \
|
||||
# http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync \
|
||||
# retry=60 connectiontimeout=5 timeout=360
|
||||
```
|
||||
|
||||
Remove `#` at the beginning to enable ActiveSync support:
|
||||
|
||||
```
|
||||
ProxyPass /Microsoft-Server-ActiveSync \
|
||||
http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync \
|
||||
retry=60 connectiontimeout=5 timeout=360
|
||||
```
|
||||
|
||||
### Nginx web server
|
||||
|
||||
If you're running Nginx web server configured by iRedMail, please open file
|
||||
`/etc/nginx/conf.d/default.conf`, add some lines in `server {}` configured for
|
||||
HTTPS:
|
||||
|
||||
```
|
||||
server {
|
||||
listen 443;
|
||||
...
|
||||
|
||||
# Add below lines for SOGo
|
||||
# SOGo
|
||||
location ~ ^/sogo { rewrite ^ https://$host/SOGo; }
|
||||
location ~ ^/SOGO { rewrite ^ https://$host/SOGo; }
|
||||
|
||||
# For IOS 7
|
||||
location = /principals/ {
|
||||
rewrite ^ https://$server_name/SOGo/dav;
|
||||
allow all;
|
||||
}
|
||||
|
||||
location ^~ /SOGo {
|
||||
proxy_pass http://127.0.0.1:20000;
|
||||
#proxy_redirect http://127.0.0.1:20000/SOGo/ /SOGo;
|
||||
# forward user's IP address
|
||||
#proxy_set_header X-Real-IP $remote_addr;
|
||||
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
#proxy_set_header Host $host;
|
||||
proxy_set_header x-webobjects-server-protocol HTTP/1.0;
|
||||
#proxy_set_header x-webobjects-remote-host 127.0.0.1;
|
||||
#proxy_set_header x-webobjects-server-name $server_name;
|
||||
#proxy_set_header x-webobjects-server-url $scheme://$host;
|
||||
}
|
||||
|
||||
location ^~ /Microsoft-Server-ActiveSync {
|
||||
proxy_pass http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync;
|
||||
proxy_redirect http://127.0.0.1:20000/Microsoft-Server-ActiveSync /;
|
||||
}
|
||||
|
||||
location ^~ /SOGo/Microsoft-Server-ActiveSync {
|
||||
proxy_pass http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync;
|
||||
proxy_redirect http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync /;
|
||||
}
|
||||
|
||||
location /SOGo.woa/WebServerResources/ {
|
||||
alias /usr/lib64/GNUstep/SOGo/WebServerResources/;
|
||||
}
|
||||
location /SOGo/WebServerResources/ {
|
||||
alias /usr/lib64/GNUstep/SOGo/WebServerResources/;
|
||||
}
|
||||
location ^/SOGo/so/ControlPanel/Products/([^/]*)/Resources/(.*)$ {
|
||||
alias /usr/lib64/GNUstep/SOGo/$1.SOGo/Resources/$2;
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
__Important note__: You must replace path `/usr/lib/GNUstep/SOGo` with
|
||||
the real directory which contains SOGo files:
|
||||
|
||||
* on i386 platform, it's `/usr/lib/GNUstep/SOGo`.
|
||||
* on x86_64, it's `/usr/lib64/GNUstep/SOGo`.
|
||||
|
||||
## Start SOGo and dependent services
|
||||
|
||||
```
|
||||
# service httpd restart # <- restart 'nginx' service if you're running Nginx
|
||||
# service memcached restart
|
||||
# service sogod restart
|
||||
```
|
||||
|
||||
## Add Dovecot Master User, used for vacation message expiration
|
||||
|
||||
SOGo need a Dovecot Master User to cleanup vacation expiration, please follow
|
||||
our tutorial to add a Dovecot Master User for this purpose: [Dovecot Master User](./dovecot.master.user.html).
|
||||
|
||||
After added a Dovecot Master User for SOGo, we must store its username and
|
||||
plain password in a separate file used by SOGo, we use `/etc/sogo/sieve.cred`
|
||||
here for example.
|
||||
|
||||
Create file `/etc/sogo/sieve.cred`, write Dovecot Master User in this file in
|
||||
format: `username:password`. For example:
|
||||
|
||||
```
|
||||
my_master_user@non-exist.com:my_master_password
|
||||
```
|
||||
|
||||
Set strict file owner and permission:
|
||||
|
||||
```
|
||||
# chown sogo:sogo /etc/sogo/sieve.cred
|
||||
# chmod 0400 /etc/sogo/sieve.cred
|
||||
```
|
||||
|
||||
## Add required cron jobs
|
||||
|
||||
Please add below cron jobs for SOGo daemon user `sogo`. You can add them with
|
||||
command: `crontab -l -u sogo`
|
||||
|
||||
```
|
||||
# iRedMail: SOGo email reminder, should be run every minute.
|
||||
* * * * * /usr/sbin/sogo-ealarms-notify
|
||||
|
||||
# iRedMail: SOGo session cleanup, should be run every minute.
|
||||
# Ajust the [X]Minutes parameter to suit your needs
|
||||
# Example: Sessions without activity since 30 minutes will be dropped:
|
||||
* * * * * /usr/sbin/sogo-tool expire-sessions 30
|
||||
|
||||
# iRedMail: SOGo vacation messages expiration
|
||||
# The credentials file should contain the sieve admin credentials (username:passwd)
|
||||
0 0 * * * /usr/sbin/sogo-tool expire-autoreply -p /etc/sogo/sieve.cred
|
||||
```
|
||||
|
||||
## Access SOGo from web browser
|
||||
|
||||
Open your favourite web browser, access URL: `https://[your_server]/SOGo` (the
|
||||
word `SOGo` is case-sensitive), you can login with your email account credential.
|
||||
|
||||
## Configure your mail clients or mobile devices to use CalDav/CardDAV services
|
||||
|
||||
Please check our documents [here](./index.html#configure-mail-client-applications)
|
||||
to configure your mail clients or mobile devices.
|
|
@ -1,6 +1,6 @@
|
|||
* Install SOGo groupware on:
|
||||
|
||||
* CentOS 6: [MySQL](./sogo-centos-6-mysql.html)
|
||||
* CentOS 6: [MySQL](./sogo-centos-6-mysql.html), [OpenLDAP](./sogo-centos-6-openldap.html).
|
||||
|
||||
Documents contributed by iRedMail users:
|
||||
|
||||
|
|
Loading…
Reference in New Issue